To save the activity/history of any user (including root), you need to open the user’s .bash_profile from his home directory.

Here, for instance, I would like to record all commands in a file when a user login as root or su to root. History will be stored in a file with name as DateTimeIPAddress from where user came.

Step 1. Go to root’s home:

$ cd ~

Step 2. You can make a hidden directory so that all history files will be stored there:

$ mkdir .rhistdata

Step 3. Open .bash_profile and write down following commands:

$ vi .bash_profile
# save root history
export HISTSIZE=3000
export HISTFILESIZE=5000
export HISTFILE=/root/.rhistdata/.bash_hist-$(who am i | awk '{print $3.$4.$5.$6}';exit)

Save and close the file.

It’s simple. You can try to login again as root, do something and logout. Login again and check that there’s file having all commands you performed.

* 5 steps to secure your Linux Server
* Ensuring secure access to production Linux Servers
* Bash script to backup essential log files in Linux
* Quickly change your ssh port from defualt 22 to something higher
* SSH port forwarding from remote to local machine
* Install and configure denyhost to prevent brute force attacks